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Washington, D.C. 20231 



RISK ASSESSMENT AND MANAGEMENT SYSTEM 



G. Akers 
3624 



DECLARATION OF PRIOR INVENTION PURSUANT TO 37 C.F.R. §1.131 



I, Thomas R. Packwood, -the sole inventor of the above- 
captioned patent application do hereby declare: 



1. This declaration is submitted to establish a date of 
invention prior to August 31, 1998, which is the effective date of 
U.S. Patent 6,223,143 to Weinstock cited by the examiner; 

2. I am an employee of Uiiion State Bank, Orangeburg, New 
York, the assignee of the application, and I created this invention 
during the course of my employment while in Orangeburg, New York; 
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3. In 1998, I began formulating and conceptualizing a method 
for more effectively evaluating and managing risks associated with 
the business of Union State Bank; 

4. On August 10, 1998, I prepared and sent a memorandum 
describing my inventive method for evaluating and managing risks to 
my superiors at Union State Bank. A redacted copy of my memorandum 
and representative portions of Appendices A and B to my memorandum 
are attached hereto as Exhibit 1. The redacted portions include 
identifications of particular employees and sensitive or 
confidential business information relating to particular operations 
of Union State Bank, and are not essential to an understanding of 
the invention described therein. Particularly, the actual values 
for the risk factors and ranges in the enclosed portion of Appendix 
A have been redacted; 

5. My memorandum describes and illustrates substantially all 
aspects of my invention, including identifying risk factors, 
developing at least two ranges of risk levels for each risk factor, 
determining and coding the actual risk level value for each risk 
factor by a color coded indicia, assigning risk tolerance levels to 
the risk factors, preparing a report of the risk factors, and using 
a computer to prepare the report; and 
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6. 



I hereby declare that all statements made herein of my 



own knowledge are true and that all statements made on information 
and belief are believed to be true; and further, that these 
statements were made with the knowledge that willful false 
statements and the like so made are punishable by fine or 
imprisonment, or both, under 18 U.S.C. §1001, and that such willful 
false statements my jeopardize the validity of this application or 
any patent issued thereon. 





Thomas R. Packwood 
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UNION STATE BANK 

Inter-Office Memorandum 



To: Thomas E. Hales, Chief Executive Officer 

Steven <fl Sabatini, Chief Financial Officer 

From: Thomas R. Packwood, Chief Internal Auditor 

Date: August 10, 19'98 

Subject: Risk Management 



Proper Risk Management is critical to the success of an organization. A 
while back, I was tasked with investigating and developing a centralized risk 
management system. Although our present risk management systems were effective 
(senior management and Board review), it was deemed prudent to enhance and 
centralize our risk management system. The centralizing of our risk management 
system is also in direct correlation with the core covenant, in that standards 
for measuring risk tolerance will be established and clearly documented. In the 
rest of this document, I will outline my proposal for centralized risk 
management. 

Each area of the Bank, 
level, presently is responsible for managing the risk in his/her respective 
area. My proposal to centralize the risk management systems will not change 
this. Two key documents have been created to review, . document and monitor risk. 
Appendix A is the quarterly risk monitoring report. Each department of the Bank 
will have a report (Branch Administration, Compliance, Finance, Internal Audit, 
Loans, Marketing, Operations Division, Personnel). This Appendix A is a first 
draft document, the risks and risk standards will have to be reviewed with the 
respective department manager. I accumulated this information, from my knowledge 
and experience with the Bank, the key goal of this memo to you today is to agree 
with the concept and framework of this quarterly risk management report. The 
more people who review and comment on this document (USB management committee, 
^■■■■^■■■■■V/ examiners), th e b etter. The most time consuming part of this 
project «HflBHMBHBflBBHBHBHtf will be the initial detailed review 
required to establish the Bank's risk standards. Many of these standards should 
come from existing Board policies. Once the initial risk standards are 
established, only ongoing maintenance of the Bank's risk standards will be 
required. 

Note: The MHMMMHfc risk numbers utilized in this first draft of the 
quarterly risk monitoring are estimated for presentation purposes. Again, the 
purpose of this first draft is to agree with the conceptual framework of this 
report. The risk numbers will be verified during future drafts. It is also 
assumed that the departments will add additional risk measures to this report 
during their review. 

The quarterly risk management report adopted the red, yellow, green light 
approach. Red is defined as "Significantly below Bank standards. Corrective 
Action nec ssary". Yellow is defined as "Acceptable, but below Bank standards. 
Proactive, early action necessary". Green is defined as "In compliance with 
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Bank standards". Appendix B is the risk matrix for each department of the Bank, 
This matrix documents the annual risk analysis for each department of the Bank, 
Each year when the risk matrix is completed (August 31) it would be compared to 
the quarterly risk management report to make sure all measurable risks are 
adequately addressed in the quarterly risk management report. 

A question/answer format will be utilized to explain this process further. 

Who will prepare the quarterly risk management report? Each department will be 
responsible for answering/calculating their risk information and then will 
forward the information to the Internal Audit Department (As an alternative, 
this might be a Chairman's Department L. Brown report?) . This process will 
function in a similar fashion to our current monthly Proving & Aging report 
process. The risk information would be entered into the computer and the 
centralized risk management report would be generated* VHHHBfl^HNMHHflMP 

• would get full copies of this report. All otherJ^BF 
'members would only get copies of the risk management report 
pertaining to their respective area. A full copy of this quarterly risk 
management report would then be reviewed with the Board of Directors at the next 
Board meeting. 



How will the integrity of the risk information submitted by the departments be 
maintained? The preparer of $lie departmental risk information will be expected 
to maintain a. file of supporting workpapers. A supervisor of the respective 
department will be expected to approve the risk information before it is 
submitted to Internal Audit. These workpapers must be retained by the 
respective department, and they will be reviewed as part of the next Internal 
Audit review of the respective area. 



How will the risk standards be changed? 
centrally ^■^■■■■■■■■■■lIH 



Since the risk standards are controlled 
an approval 



required to change the risk standards. It is concluded therefore that the risk 
managers will communicate/discuss risk standard changes 



Will we have a one page centralized risk management report? Yes. After the 
departmental risk management reports are finalized, they will be reviewed and 
the key information from these reports will be consolidated into a one page 
report. 

Are there future plans to enhance the quarterly risk management report? Yes. 
For some of the larger departments of the Bank, Finance, Operations, and Loans, 
it might become necessary to segregate the risk management report by the 
operating units within the Department (for example* Finance- Accounting, 
Investments, Asset/Liability, Purchasing). 



I would like to meet with you to discuss this memo as soon as possible. If 
possible, I would like to present this centralized risk management process at 
the August 21, 1998 Management Committee meeting. With the approval of this 
memo, I would then meet with department heads individually to review both of 
these documents and then prepare revised copies of both these documents. The 
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end result would be that this would serve as the centralized risk management 
documentation for 1998/1999. I would like to have the 1998 risk matrix 
(Appendix B) completed by August 31, 1998. I would like to have the first 
quarterly risk management report issued as of September 30, 1998. I will 
actively work with the departments, but it is key that the departments realize 
that this is their risk monitoring/supervisory report, it is not an Internal 
Audit report. I will need your help in emphasizing this to all Management 
Committee members. 



Page 3 



juiramch AdMDiDiisllratfioni 

Pate: March 31, 1998 
Risk Mamagerr 

1 . Last compliance regulatory exam 
ratin & ...^ 

2. Baiikwide efficiency ratio. 



3. Last Safety and Soundness exam 
rating. 

4. Net interest income as a % of average 



5 . Tellers over & shorts for the quarter. 



6. Branch charge-ofFs for the quarter. 



7. Last Internal Audit Report Rating, 



8. # of employee warnings filed this 
quarter. 

Months since last Board approval of 
Branching Policy. 

10. # of unprofitable branches in the 
branch system. 

11. Average overdraft and uncollected 
charge % for the quarter. 

12. Self Assessment of Year 2000 
compliance. 



13. 



14. 



15. 



16. 



17. 



18. 



21. 



22. 



23. 



24. 



25. 



26. 



27. 



28. 



29. 



30. 



31. 



32. 



33. 



34. 



35. 



36. 



37. 



38. 



Red 




Significantly below Bank standards. Corrective 
action necessary. 
Acceptable, but below Bank standards. Proactive, 
Yellow early action necessary. 



hi compliance with Bank standards. 



40. 



41. 



42. 



43. 



44. 



45. 



46. 



47. 



48. 



49. 



50. 



51. 



52. 



53. 



54. 



55. 



56. 



57. 



Union State Bank 
Risk Management Report 

anch Administration Department 

Date: March 31, 1998 
Risk Manager: 



Red Signj^^^y below Bank Standards. Corrective action necessary. 

Yellow Acceptable, but below Bank standards. Proactive, early action necessarv. 

Green In compliance with Bank standards. 



Legend for Risk Management Reporting: 



l. Lasl Compliance Regulatory exatn rating: 


14. 


Red ^ormore 


Red 


Yellow - ^through J| 


Yellow 


Green - 0 


Green 


2. Bankwide efficiency ratio: 


15. 


Red or more 


Red 


Yellow -^p'othrough^^o 


Yellow - 


Green - or less 


Green 


3. i*ast Safety and Soundness Exam rating: 


16. 


Red -CAMELS §oi^ 


Red 


Yellow - CAMELS 9 


Yellow - 


Green ~ CAMELS forfc 


Green - 


4. Net interest income as a % of average assets: 


17. 


Red -«^ 0/ o or less 


Red 


Yellow -^|°b through ^% 


Yellow - 


Green - -4&°'o or more 


Green 


5. Tellers over & shorts for the quarter: 


18. 


Red - $MM or more . 


Red 


Yellow - $M through $4V^ 


Yellow ~ 


Green -S^Bfcorless 


Green - 


6. Branch charge-offs for the quarter: 


19. 


Red -» SflBBVor more 


Red ~ 


^■ ■ Yellow -SfliHV through 


Yellow - 


;V£. Jreen ~ SflHHFor less 


Green 


7. Last Internal Audit Report Rating: 


20. 


Red r- Level #or below 


Red 


Yellow ~Levei% 


Yellow - 


Green - Level%or Level J| 


Green ~ 


8! # of employee warnings filed this quarter 


21. 


Red - 4^or more . . 


Red 


Yellow -^through £ 


Yellow ~ 


Green -fcorless 


Green ~ 


9. Last Board approval of Branching Policy: 


22. 


Red - ^ months or more 


Red 


Yellow -Hfrthrough ^months 


Yellow ~ 


Green - H months or less 


Green 


10. # of unprofitable branches in the branch system: 


23. 


Red -•or more 


Red 


Yellow -^through^ 


Yellow - 


Green -%orless 


Green 


1 1. Average overdraft and uncollected charges for the quarter 


24. 


Red - or less 


Red 


Yellow - •? o through^© 


Yellow - 


Green -^J^o or more 


Green 


1 2. Self Assessment of the Year 2000 compliance: 


25. 


Red -#%orless 


Red - 


Yellow ~&/o through 


Yellow - 


Green - or more 


Green 


13. 


26. 


Red 


Red 


Yellow - 


Yellow - 


Jreen 


Green ~ 
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^ (omnpliaiiace Department 

Bate: March 31, 1998 
Risk Manager; 1 

1 . Last Compliance Regulatory Exam 
rating, 

2. Bankwide efficiency ratio. 



3 . Last Safety and Soundness exam 
rating. 

4. Last CRA rating, (^Outstanding, 
(2)Satisfactory, (3)Needsto Improve, 
(4)Substantial Non-compliance. 

5. Last Internal Audit Report Rating 



6. Months since last Board approval of 
the Compliance Program. 

7. Months since last Board approval of 
Bank Secrecy Act Policy. 

8. Months since last Board approval of 
the Office of Foreign Assets Control 
Policy. 

9. # of Compliance Program areas not 
reviewed within the last 24 months. 
(16 total review areas) 

10. Self Assessment of Year 2000 
compliance. 



11. 



12. 



13. 



14. 



15. 



16. 



17. 
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21. 



22. 



23. 



24. 



25. 



26. 



19. 



27. 



28. 



29. 



30. 



3A. 



32. 



33. 



34. 



35. 



36. 



37. 



38. 



Yellow 



Significantly below Bank standards. Corrective 
action necessary. 

Acceptable, but below Bank standards. Proactive, 
early action necessary. 

In compliance with Bank standards. 



40. 



41. 



142. 



43. 



44. 



45. 



46. 



47. 



48. 



49. 



50. 



51. 



52. 



53. 



54. 



55. 



56. 



57. 



Union State Bank 
Risk Management Report 
mpliance Department 



Red Signifl^pP/ below Bank Standards. Corrective action necessary. 

Yellow Acceptable- but below Bank standards. Proactive, early action necessary 

Green In compliance with Bank standards. 



Date: March 31, 1998 
Risk Manager; 



Legend for Risk Management Reportingj 



10. 



n. 



Last Compliance Regulatory rating: 
Red -4°*% 

Yellow 
Green 

Bankwide efficiency ratio: 

Red - or more 

Yellow - %*o through f % 

Green - f °'o or less 

Last Safety and Soundness Exam rating: 

Red -CAMEUS%rJ|. 

Yellow -CAMEL^ 

Green - CAMELSf or f 

UstCRA rating: 

Red - |f Substantial Noncompliance , 

Yellow - ffNcedft to Improve 

Green ~ ^Outstanding or <f Satisfactory ■ 

Last Internal Audit Report Rating: 

Red - Level for below 

Yellow - Levelf 

Green - Level for Level 0 

Months since last Board approval of the Compliance Program: 

Red months or more : 

^Yellow ~ % through^ months 
:?i\jreen ^ months or less 

Months since last Board approval of Bank Secrecy Act Policy: 

Red -^months or more . 

Yellow ~ ^through ^months 

Green - ^months or less 

Months since last Board approval of the Foreign Assets Control Policy: 
Red -^months or more 
Yellow ~ ft through^ months 
Green ~ ^months or less 

# of Compliance areas not reviewed within the last 24 months: 
Red ~^or more 
Yellow -•ftthrougjf^ 
Green -ft 

Self Assessment of year 2000 compliance: 
Red Less than 9% 

Yellow ~ Between $%and0% 
Green -4^/o or more 

Red - 
Yellow ~ 
Green ~ 



12. 



13. 
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Red 

Yellow - 
Green 

Red 

Yellow - 
Green ~ 



14. 

Red 

Yellow 

Green 

15. 

Red 

Yellow 

Green 

16. 

Red 

Yellow 

Green 

17. 

Red 

Yellow 

Green 

18. 

Red 

Yellow 

Green 

19. 

Red 

Yellow 

Green 

20. 

Red 

Yellow 

Green 

21. 

Red 

Yellow 

Green 

22. 

Red 

Yellow 

Green 

23. 

Red 
. Yellow 
Green 

24. 

Red 

Yellow 

Green 

25. 

Red 

Yellow 

Green 

26. 

Red 

Yellow 

Green 
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- Quarterly Examining 
Conxnittee meetings 
• formal, documented assess- 
ment of audit by the Board 
<SA5 65) 


- Develop, enhance the audits 
of the Finance Department. 
Design a system that is risk 
based, timely and acceptable 
to the regulators and 
independent auditors 


- assign, cocnnunicate and set 
target date for critical 
procedures to be documented 


CONTROLS 


- Employee performance 
evaluations 

- Submission of annual audit 
plans and yearly audit con- 
clusions' memo to the Examin- 
ing Committee 

- Quarterly audit activity 
summary report to the Board of 
Directors 


- proper instruction of audits 
and adequate supervisory 
review 

- A well -trained and knowledge- 
able staff (seminars) 

- Identification of problem 
loans, quarterly loans over 
S100K report from loan 
officers 

- Annual internal audits of 
various departments 


- written job descriptions 

- Audit programs 


HON I TOR I KG/REPORT I If G 


- Quarterly audit activity 
- sutmary report 

- Annual independent accountant 
audits 

- Annual regulatory examinations 


- A comprehensive, cost- 
effective and risk*based 
audit plan approved by the 

: Board of Directors 

- Quarterly summary of audit 
activities to the Board of 
Oi rectors 

Quarterly allowance memo 


- review of audit operating 
procedures by Chief Internal 
Auditor 
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-regulatory orders 
•increased auditing fees 
•micro-management 


- increased losses due 
to not uncovering 
frauds 

- reporting of material 
weaknesses to the FOIC 
by independent 
accountants if not 
identified and correc- 
tive measures . imple- 
mented 

• increased losses due 
to not identifying 
problem loans on a. 
timely basis 

- fines for violations 
of laws 


- An Audit Department 
must be able to react 
to risk in a timely 
and efficient manner 
and perform audits as 
frequently as risk 
analysis requires, 
failure to complete 
audits and failure to 
react to issues on a 
timely basis could 
lead to increased 
losses. 


RISK 
TOLERANCE 


Low 


Low 


-J 


f 

K 
« 


Low 


Moderate 


Moderate 
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The risk that the regulators 
and independent accountants 
conclude that the Internal 
Audit/Loan Review Department 
is unreliable 


II Detection Risk 


This is the risk of failing to 
identify; material misstate- 
ments of the financial state- 
ments' fraud, irregularities, 
illegal acts, violations. of 
laws, problem loans, material 
weaknesses in controls and 
reportable conditions 


1 Personnel Risk 


The risk xhat existing 
employees of the department 
will leave/retire without 
adequate documentation of the 
procedures performed. The 
risk is that certain 
procedures might be oraftted or 
that there is an inordinate 
amount of transition time for 
new employees in the 
Department. 
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